Join Michael Neuenschwander, a well known name in the industry and Senior Director, Oracle Identity Management, on an IOUG webcast to discuss Identity as a Platform approach. Hear first-hand Mike's take on the Platform approach, the rationale behind the same and the results from a study conducted on the subject.

At Oracle, we understand that higher education’s environment can be one of the most complex and dynamic environments for managing identities. There are many individuals coming and leaving each semester. Many individuals have more than one responsibility at the same time (Professor, Student, Researcher, Employee etc). These factors present a unique challenge in how to accurately determine what a users role should be so that least privilege security can be obtained and in doing so, regulatory compliance and security requirements can be fulfilled. An intelligent identity analytics solution is the answer.

Join the webcast tomorrow and you'll learn how Oracle Identity Analytics is already playing a crucial role in helping higher ed organizations achieve their security and compliance objectives. Learn the key capabilities required of an identity analytics solution that can help you scale your compliance across your entire IT infrastructure (on premise or in the cloud) in a cost effective manner. This webcast will feature Neil Gandhi, Principal Product Manager at Oracle.

Tuesday Nov 15, 2011

Thanks to all who attended the live ISACA webcast on Limiting Audit Exposure and Managing Risk with Metrics-Driven Identity Analytics. We were really fortunate to have Don Sparks from ISACA moderate the webcast featuring Stuart Lincoln, Vice President, IT P&L Client Services, BNP Paribas, North America and Neil Gandhi, Principal Product Manager, Oracle Identity Analytics. Stuart’s insights given the team’s role in providing IT for P&L Client Services and his tremendous experience in identity management and establishing sustainable compliance programs were true value-add at yesterday’s webcast.

And if you are a healthcare organization looking to solve your compliance and security challenges, we recommend you join us for a live webcast on Tuesday, November 29 at 10 am PT. The webcast will feature experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle and the focus of the discussion will be around the compliance challenges a healthcare organization faces and best practices for tackling those. Here are the details:

The ISACA webcast replay is now available on-demand and the slides are also available for download. Since we didn’t have time to address all the questions we received during the live Q&A portion of the webcast, we have captured responses to the remaining questions here. Please continue to provide us your feedback and insights from your experience in deploying identity compliance solutions.

Q. Can you please clarify the mechanism utilized to populate the Identity Warehouse from each individual application's access management function / files?

A. Oracle Identity Analytics (OIA) supports direct imports from applications. Data collection is based on Extract, Transform and Load (ETL) that eliminates the need to write connectors to different applications. Oracle Identity Analytics’ import engine supports complex entitlement feeds saved as either text files or XML. The imports can be scheduled on a periodic basis or triggered as needed. If the applications are synchronized with a user provisioning solution like Oracle Identity Manager, Oracle Identity Analytics has a seamless integration to pull in data from Oracle Identity Manager.

Q.Can you provide a short summary of the new features in your latest release of Oracle Identity Analytics?

Q. Will ISACA grant a CPE credit for attending this ISACA-sponsored webinar today?

A. From ISACA: Hello and thank you for your interest in the 2011 ISACA Webinar Program! Unfortunately, there are no CPEs offered for this program, archived or live. We will be looking into the feasibility of offering them in the future.

Q. Would you be able to use this to help manage licenses for software? That is to say - could it track software that is not used by a user, thus eliminating the software license?

A. OIA’s integration with Oracle Identity Manager, a leading user provisioning solution, allows organizations to detect ghost accounts or unused accounts via account reconciliation. Based on company’s policies, this could trigger an automated workflow for account deletion or asking for further investigation. Closed-loop feedback between the two solutions would then allow visibility into the complete audit trail of when the account was detected, the action taken, by whom, when and the current status.

Q. We have quarterly attestations and .xls mechanisms are not working. Once the identity data is correlated in Identity Analytics, do you then automate access certification?

A. OIA’s identity warehouse analyzes and correlates identity data across various resources that allows OIA to determine a user’s risk profile, who the access review request should go to, along with all the relevant access details of the user. The access certification manager gets notification on what to review, when and the relevant data is presented in a business friendly screen. Based on the result of the access certification process, actions are triggered and results recorded and archived. Access review managers have visual risk indicators that also allow them to prioritize access certification tasks and efforts.

Q. How does Oracle Identity Analytics work with Cloud Security?

A. For enterprises looking to build their own cloud(s), Oracle offers a set of security services that cloud developers can leverage including Oracle Identity Analytics. For enterprises looking to manage their compliance requirements but without hosting those in-house and instead having a hosting provider offer managed Identity Management services to the organizations, Oracle Identity Analytics can be leveraged much the same way as you’d in an on-premise (within the enterprise) environment. In fact, organizations today are leveraging Oracle Identity Analytics to manage identity compliance in both these ways.

Q. Would you recommend this as a cost effective solution for a smaller organization with @ 2,500 users?

A. The key return-on-investment (ROI) on Oracle Identity Analytics is derived from automating compliance processes thereby eliminating administrative overhead, minimizing errors, maintaining cost- and time-effective sustainable compliance processes and minimizing audit exposures and penalties.Of course, there are other tangible benefits that are derived from an Oracle Identity Analytics implementation as outlined in the webcast. For a quantitative analysis of your requirements and potential ROI calculation, we recommend you refer to the Forrester Study on Total Economic Impact of Oracle Identity Analytics. For an in-person discussion, please email Richard Caldwell.

Thursday Oct 27, 2011

Audits are not something we look forward to typically. Because audits mean we have to prepare for the exercise in addition to doing our daily jobs. Compliance mandates and company policies, however, have made access certification audits a necessary job function. In a large enterprise, that would mean, reviewing access for thousands of users across hundreds of applications in a dynamic environment i.e., where users change jobs, locations, move to and from projects, join or leave the company. The traditional spreadsheet model clearly can't work here. And even if you are somehow able to enforce access policies, how do you prove to your auditors the same? And hence, Audit Eye! If you haven't seen the video, you should check it out now.

BNP Paribas, North America took the access certification challenge head-on and triumphed. Are you looking at solving your complex access certification (attestation) challenges? Looking to make the the access certification process simpler, quicker and more reliable? Then, we invite you to come listen to Stuart Lincoln's presentation on a live ISACA webcast on how BNP Paribas, North America implemented well thought-out strategy and solution to make access certification review processes sustainable, convenient and streamlined and audits - a lot less painful. We look forward to a good conversation.

Thursday Aug 11, 2011

Thanks to all who joined us on our last week’s webcast on “Getting IT Right with an End-to-End Access Control Strategy”. Identity Management is about User Authentication, Authorization, Administration and Audit (the 4 A’s of Identity Management). But it doesn’t end with task automation. Identity Management needs to be smart (read: intelligent). It needs to ANALYZE the circumstances, understand the CONTEXT and CONTROL or manage the user interaction with the enterprise resources. Marc Boroditsky, Vice President, Oracle Identity Management, did a great job in explaining how end-to-end access control is really about becoming more context-aware with information backed by advanced analytics to offer more control.

The webcast replay is now available and we hope to continue the conversation we started with this webcast. In the meantime, I have captured the responses to the questions asked during the webcast.

Q. Is Identity Management strategic for Oracle?

A. Very much so. Oracle continues to make significant investments in Identity Management across all organizations including product development, customer and sales support, business development, marketing, and more.

Q. Where can I find the Aberdeen Report that Marc mentioned?

A. You can download the Aberdeen Report citing the findings on Platform vs. Point Solution Approach Study for Identity Management here.

Q. I was at one of the major health insurance providers recently. I was told not to bring laptop or any other hardware. I was told not to upload or download a file. Access to servers I was supposed to work on took 3+ weeks. Is that a smart way of doing security?

A. No access or limited access as a policy is detrimental to getting business done. And in fact, it may still not be an effective security measure. A smart approach would be to have layered security whereby only the right people have the right level of access to the right resources at the right time. When a user role or needs change, that change should also trigger user access and administration change. Moreover, all of this should be auditable. An integrated approach to user authentication, access authorization, administration and audit will accomplish this.

A. Oracle’s Identity Management stack plays a critical role in making the cloud environment secure for enterprises.

Identity federation is one area where standards such as SAML are quite mature and are being adopted by cloud providers and applications. Oracle Identity Federation (OIF) offers full range of standards-based federation between cloud applications and their customer’s applications.

Q. With the layered security approach, are you recommending that there be a specific order of implementation i.e. Directory Services, SSO and Provisioning first and then the remaining pieces?

A. The order of implementation and even the scope of implementation are based on the organization’s needs and the specific issues/business challenges you are trying to solve. Please connect with your account manager to discuss your specific needs and chart out the appropriate implementation plan for the best return-on-investment.

Q. Is Oracle Identity Management a new technology?

A. Oracle has been offering proven, best-of-breed Identity Management solutions for quite some time. With continued investment in technology and resources, Oracle’s Identity Management solutions portfolio has grown significantly over the years. For a complete list of Oracle Identity Management offerings and more information, please visit us at www.oracle.com/identity.

Q. Can I use Oracle Identity Management to centrally manage access for multiple external clients?

Q. How do we integrate the new Oracle Identity product with other large apps e.g. Siemens PLM product?

A. Oracle Identity Manager can integrate with Siemens PLM using the application’s API or if the application supports SPML, then by using SPML calls. Oracle Identity Manager’s Identity Connector Framework makes the integration process quite flexible, scalable and efficient. Most market leading applications and systems are supported out-of-the-box.

Q. How can the tool set transit the identity between the layers, for instance if I have a JBOSS server and a WebLogic server, how can I pass the identity from one to the other so that both can participate in this vision?

A. With Oracle Identity Management, you can externalize identities to a centralized identity platform supported by Oracle Platform Security Services (OPSS). OPSS allows you to abstract security, audit, and identity management functionality from applications so you no longer have to hard code these in individual applications thereby reducing the time and cost for application lifecycle. Read more about this revolutionary approach here.

Q. Would I need Oracle Directory Services if I have Oracle Identity Manager in-house?

A. Oracle Directory Services Plus and Oracle Identity Manager are complementary solutions. Oracle Directory Services Plus is the industry’s only integrated solution that offers identity virtualization, storage, proxy and synchronization services for high-performance enterprise and carrier-grade environments. Oracle Identity Manager is an identity administration and user provisioning solution that automates the process of adding, managing, updating and deleting user accounts on enterprise resources, whether on-premise or in the cloud. While these solutions work very well together and solve unique challenges, the implementation of one does NOT require the implementation of the other.

Hope this is just a start of our conversation on this subject. We look forward to hearing your feedback on the approach Marc alluded to during the webcast and how it applies to the organizations today.

Thursday Aug 04, 2011

In our last post, we talked about how new technologies and trends are driving the demand for identity management solutions. The question is: Are Identity Management solutions of today rising up to those challenges? While some of the time-tested Identity Management solutions are achieving maturity, the industry itself continues to evolve. No longer is Identity Management only about IT administration. The higher calling for Identity Management is (or should be) Business Enablement.

Oracle is hosting a live webcast today to discuss the evolving security and business (and user!) requirements and how that's changing the Identity Management solution and strategy set. Oracle's Vice President of Identity Management, Marc Boroditsky, will discuss how the conversation around Identity Management has completely changed over the last couple of years. Using data points and industry numbers, Marc will discuss how we need to re-think the concept of what an "end-to-end access control" solution should look like.

Please join in on the conversation because the webcast today is a discussion of recent findings and proof points not a lecture or a prescription on the topic. We look forward to an animated Q&A round with you today.